Method and apparatus for consent document management

ABSTRACT

An approach is provided for consent document management. The consent platform causes, at least in part, a creation of one or more consent document objects representing one or more consent documents, metadata associated with the consent documents, or a combination thereof. Next, the consent platform processes and/or facilitates a processing of one or more responses to the one or more consent documents to cause, at least in part, a creation of one or more user response objects, wherein the one or more user response objects record the one or more responses on a per user basis.

RELATED APPLICATIONS

This application claims the benefit of the earlier filing date under 35U.S.C. §119(e) of U.S. Provisional Application Serial No. 61/581,903filed Dec. 30, 2011, entitled “Method and Apparatus for Consent DocumentManagement,” the entirety of which is incorporated herein by reference.

BACKGROUND

Service providers and device manufacturers (e.g., wireless, cellular,etc.) are continually challenged to deliver value and convenience toconsumers by, for example, providing compelling network services. Priorto receiving the benefits of such services, end-users generally mustagree to terms and conditions, privacy policies, etc., associated withthese services. Documents, containing these terms and conditions,privacy policies, etc., are typically downloaded from the Internet,hard-coded into applications providing such services, attained fromfiles on the local device hosting such applications, etc. However, thesedocuments are not necessarily the latest versions or locally correct.Moreover, the storage of such documents and responses to such documentsare not performed in a centralized manner. As such, users may beprevented from accessing consent-related records, be required toresubmit previous responses, etc., for instance, when they switch orreplace applications, services, or devices.

SOME EXAMPLE EMBODIMENTS

Therefore, there is a need for an approach for consent documentmanagement.

According to one embodiment, a method comprises causing, at least inpart, a creation of one or more consent document objects representingone or more consent documents, metadata associated with the consentdocuments, or a combination thereof. The method also comprisesprocessing and/or facilitating a processing of one or more responses tothe one or more consent documents to cause, at least in part, a creationof one or more user response objects, wherein the one or more userresponse objects record the one or more responses on a per user basis.

According to another embodiment, an apparatus comprises at least oneprocessor, and at least one memory including computer program code forone or more computer programs, the at least one memory and the computerprogram code configured to, with the at least one processor, cause, atleast in part, the apparatus to cause, at least in part, a creation ofone or more consent document objects representing one or more consentdocuments, metadata associated with the consent documents, or acombination thereof. The apparatus is also caused to process and/orfacilitate a processing of one or more responses to the one or moreconsent documents to cause, at least in part, a creation of one or moreuser response objects, wherein the one or more user response objectsrecord the one or more responses on a per user basis.

According to another embodiment, a computer-readable storage mediumcarries one or more sequences of one or more instructions which, whenexecuted by one or more processors, cause, at least in part, anapparatus to cause, at least in part, a creation of one or more consentdocument objects representing one or more consent documents, metadataassociated with the consent documents, or a combination thereof. Theapparatus is also caused to process and/or facilitate a processing ofone or more responses to the one or more consent documents to cause, atleast in part, a creation of one or more user response objects, whereinthe one or more user response objects record the one or more responseson a per user basis.

According to another embodiment, an apparatus comprises means forcausing, at least in part, a creation of one or more consent documentobjects representing one or more consent documents, metadata associatedwith the consent documents, or a combination thereof. The apparatus alsocomprises means for processing and/or facilitating a processing of oneor more responses to the one or more consent documents to cause, atleast in part, a creation of one or more user response objects, whereinthe one or more user response objects record the one or more responseson a per user basis.

In addition, for various example embodiments of the invention, thefollowing is applicable: a method comprising facilitating a processingof and/or processing (1) data and/or (2) information and/or (3) at leastone signal, the (1) data and/or (2) information and/or (3) at least onesignal based, at least in part, on (or derived at least in part from)any one or any combination of methods (or processes) disclosed in thisapplication as relevant to any embodiment of the invention.

For various example embodiments of the invention, the following is alsoapplicable: a method comprising facilitating access to at least oneinterface configured to allow access to at least one service, the atleast one service configured to perform any one or any combination ofnetwork or service provider methods (or processes) disclosed in thisapplication.

For various example embodiments of the invention, the following is alsoapplicable: a method comprising facilitating creating and/orfacilitating modifying (1) at least one device user interface elementand/or (2) at least one device user interface functionality, the (1) atleast one device user interface element and/or (2) at least one deviceuser interface functionality based, at least in part, on data and/orinformation resulting from one or any combination of methods orprocesses disclosed in this application as relevant to any embodiment ofthe invention, and/or at least one signal resulting from one or anycombination of methods (or processes) disclosed in this application asrelevant to any embodiment of the invention.

For various example embodiments of the invention, the following is alsoapplicable: a method comprising creating and/or modifying (1) at leastone device user interface element and/or (2) at least one device userinterface functionality, the (1) at least one device user interfaceelement and/or (2) at least one device user interface functionalitybased at least in part on data and/or information resulting from one orany combination of methods (or processes) disclosed in this applicationas relevant to any embodiment of the invention, and/or at least onesignal resulting from one or any combination of methods (or processes)disclosed in this application as relevant to any embodiment of theinvention.

In various example embodiments, the methods (or processes) can beaccomplished on the service provider side or on the mobile device sideor in any shared way between service provider and mobile device withactions being performed on both sides.

For various example embodiments, the following is applicable: Anapparatus comprising means for performing the method of any oforiginally filed claims 1-10, 21-30, and 46-48.

Still other aspects, features, and advantages of the invention arereadily apparent from the following detailed description, simply byillustrating a number of particular embodiments and implementations,including the best mode contemplated for carrying out the invention. Theinvention is also capable of other and different embodiments, and itsseveral details can be modified in various obvious respects, all withoutdeparting from the spirit and scope of the invention. Accordingly, thedrawings and description are to be regarded as illustrative in nature,and not as restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments of the invention are illustrated by way of example, andnot by way of limitation, in the figures of the accompanying drawings:

FIG. 1 is a diagram of a system capable of consent document management,according to one embodiment;

FIG. 2 is a diagram of the components of a consent platform, accordingto one embodiment;

FIG. 3 is a flowchart of a process for consent document management,according to one embodiment;

FIG. 4 is a flowchart of a process for presenting consent documentobjects and user response objects on various applications and devices,according to one embodiment;

FIG. 5 is a flowchart of a process for providing notifications inresponse to inconsistent consent behavior, according to one embodiment;

FIG. 6 is a diagram of consent document objects, according to oneembodiment;

FIG. 7 provides high-level class diagrams for various base components,according to one embodiment;

FIGS. 8A-8C are diagrams of user interfaces utilized in the processes ofFIGS. 3-5, according to various embodiments;

FIG. 9 is a diagram of hardware that can be used to implement anembodiment of the invention;

FIG. 10 is a diagram of a chip set that can be used to implement anembodiment of the invention; and

FIG. 11 is a diagram of a mobile terminal (e.g., handset) that can beused to implement an embodiment of the invention.

DESCRIPTION OF SOME EMBODIMENTS

Examples of a method, apparatus, and computer program for consentdocument management are disclosed. In the following description, for thepurposes of explanation, numerous specific details are set forth inorder to provide a thorough understanding of the embodiments of theinvention. It is apparent, however, to one skilled in the art that theembodiments of the invention may be practiced without these specificdetails or with an equivalent arrangement. In other instances,well-known structures and devices are shown in block diagram form inorder to avoid unnecessarily obscuring the embodiments of the invention.

FIG. 1 is a diagram of a system capable of consent document management,according to one embodiment. As discussed, typical approaches toproviding consent documents (e.g., documents that contain terms andconditions, privacy or security policies, marketing consents, etc.)typically do not offer a mechanism to ensure that users are suppliedwith the latest versions of the consent documents (e.g., notwithstandingthe particular version of the application, device, etc.), that theconsent documents are appropriate for the specific jurisdiction, etc.For example, a local installation file for a particular application maycontain a consent document that was appropriate when the application wasinstalled for the first time. Due to circumstantial changes, a newversion of the consent document may later be adopted for the current andfuture versions of the application. Nonetheless, when the localinstallation file is reused to reinstall the application, the user willgenerally be presented with the older version of the consent documentcontained within the local installation file. In addition, the storageof such documents and responses to such documents are generally notperformed in a centralized manner. In some instances, the particularresponses (e.g., accept, decline, etc.) are not recorded at all, butmerely act to enable or prevent installation of an application (e.g., if“Accept,” allow installation; otherwise, close installer program). Assuch, users may be prevented from accessing consent-related records, berequired to resubmit previous responses, etc., for instance, when theyswitch or replace applications, services, or devices.

To address this problem, a system 100 of FIG. 1 introduces thecapability to manage consent documents as well as responses to consentdocuments, for instance, through the use of consent document objects anduser response objects. Specifically, the system 100 may create consentdocument objects representing consent documents and/or metadataassociated with the consent documents. The system 100 may furtherprocess responses to the consent documents to create user responseobjects that record the responses on a per user basis (e.g., each userresponse object records the responses of an individual user rather thanthe responses of user groups, collective responses, etc.). Consentdocument objects and user response objects may, for instance, becentrally stored for access by various applications, devices, users,etc. The following details and embodiments illustrate situations inwhich the consent document objects and user response objects can beeffectively utilized to enable distribution and maintenance of consentdocuments, solicitation and recording of responses to these consentdocuments, and enforcement of associated agreed-upon terms/policies.

As shown in FIG. 1, the system 100 comprises a user equipment (UE) 101(or multiple UEs 101 a-101 n) having connectivity to a consent platform103 via a communication network 105. The UE 101 may include or haveaccess to an application 107 (e.g., applications 107 a-107 n) to enablethe UE 101 to interact with, for instance, the consent platform 103,which may: (1) cause a creation of consent document objects representingconsent documents and/or metadata associated with the consent documents;(2) process responses to the consent documents to create user responseobjects that record the responses on a per user basis; (3) present theconsent document objects and/or the user response objects on anapplication and/or a device based on one or more user interfacecapabilities determined for the application and/or the device; (4) querythe consent document objects and/or the user response objects for theconsent documents and/or the responses based on predetermined criteria;(5) process the consent document objects and/or the user responseobjects to determine consent behavior of one or more users associatedwith the consent document objects and/or the user response objects; or(6) perform other functions. The consent platform 103 may include orhave access to a document database 109 to access or store consentdocument objects, consent documents, metadata associated with theconsent documents, etc. The consent platform 103 may also include orhave access to a settings database 111 to access or store user responseobjects, specific settings for various application/device, settingsrelated to sharing and access control, etc. Data stored in the documentdatabase 109 and the settings database 111 may, for instance, beprovided by the UEs 101, a service platform 113, one or more services115 (or services 115 a-115 k), one or more content providers 117 (orcontent providers 117 a-117 m), and/or other services available over thecommunication network 105. It is noted that the consent platform 103 maybe a separate entity of the system 100, a part of the one or moreservices 115 of the service platform 113, or included within the UE 101(e.g., as part of the application 107).

By way of example, the communication network 105 of system 100 includesone or more networks such as a data network, a wireless network, atelephony network, or any combination thereof. It is contemplated thatthe data network may be any local area network (LAN), metropolitan areanetwork (MAN), wide area network (WAN), a public data network (e.g., theInternet), short range wireless network, or any other suitablepacket-switched network, such as a commercially owned, proprietarypacket-switched network, e.g., a proprietary cable or fiber-opticnetwork, and the like, or any combination thereof. In addition, thewireless network may be, for example, a cellular network and may employvarious technologies including enhanced data rates for global evolution(EDGE), general packet radio service (GPRS), global system for mobilecommunications (GSM), Internet protocol multimedia subsystem (IMS),universal mobile telecommunications system (UMTS), etc., as well as anyother suitable wireless medium, e.g., worldwide interoperability formicrowave access (WiMAX), Long Term Evolution (LTE) networks, codedivision multiple access (CDMA), wideband code division multiple access(WCDMA), wireless fidelity (WiFi), wireless LAN (WLAN), Bluetooth®,Internet Protocol (IP) data casting, satellite, mobile ad-hoc network(MANET), and the like, or any combination thereof

The UE 101 is any type of mobile terminal, fixed terminal, or portableterminal including a mobile handset, station, unit, device, multimediacomputer, multimedia tablet, Internet node, communicator, desktopcomputer, laptop computer, notebook computer, netbook computer, tabletcomputer, personal communication system (PCS) device, personalnavigation device, personal digital assistants (PDAs), audio/videoplayer, digital camera/camcorder, positioning device, televisionreceiver, radio broadcast receiver, electronic book device, game device,or any combination thereof, including the accessories and peripherals ofthese devices, or any combination thereof. It is also contemplated thatthe UE 101 can support any type of interface to the user (such as“wearable” circuitry, etc.).

In another embodiment, the consent platform 103 may determine one oruser interface capabilities of one or more applications, one or moredevices, or a combination thereof. The consent platform 103 may thencause, at least in part, a presentation of the one or more consentdocument objects, the one or more user response objects, or acombination thereof based, at least in part, on the one or more userinterface capabilities. By way of example, an installer applicationrunning on a particular mobile device may request presentation of aconsent document object on the mobile device. In response, the consentplatform 103 may identify user interface capability values associatedwith the user interface capabilities of the installer application andthe mobile device (e.g., the presentation request may includeidentifiers for the installer application and the mobile device that canbe used to look up the user interface capability values, thepresentation request may include the user interface capability values,etc.). Moreover, the consent platform 103 may identify the userinterface capability values associated with the consent document object,and then match the user interface capability values of the installerapplication and the mobile device with the user interface capabilityvalues of the consent document object. As a result, the consent documentobject may be presented on the user interface of the installerapplication based on the matching of the respective user interfacecapability values (e.g., by converting the consent document object intoapplication-specific or device-specific content based on the matching,and transmitting the application-specific or device-specific content tothe requesting application/device). It is noted that various features ofthe consent platform 103 may also exist at the mobile device. Forexample, after the mobile device is provided with the consent documentobject (e.g., representing a consent document and metadata associatedwith the consent document), the mobile device may perform theidentification, matching, and presentation steps, as described above.

In another embodiment, the consent platform 103 may determine to querythe one or more consent document objects, the one or more user responseobjects, or a combination thereof for the one or more consent documents,the one or more responses, or a combination thereof based, at least inpart, on one or more predetermined criteria. The one or morepredetermined criteria may, for instance, include a document identifier,a jurisdiction identifier, a language identifier, a version identifier,a user identifier, or a combination thereof. In one scenario, anapplication may, for instance, request the latest version of itscorresponding privacy policy for Finland in Swedish. Consequently, theconsent platform 103 may search through the one or more consentdocuments (e.g., by querying the document database 109) for the desiredprivacy policy, for instance, based on an associated document identifier(e.g., corresponding to the application) and the terms “latest,”“Finland,” and “Swedish.”

In another scenario, an application may be programmed to determinewhether a user has already consented to the application's latest termsand conditions prior to the user initiating use of the application.Thus, the application may query the one or more user response objects(e.g., by querying the settings database 111) based on a user identifierassociated with the user and the associated document identifier. In thisway, the user does not need to resubmit consent every time that theapplication is reinstalled on the same device, installed on anotherdevice, etc. In a further scenario, the application may also check(e.g., periodically, upon detection of a new version, etc.) to see ifthe user has consented to the latest version of the associated consentdocument. If, for instance, the application detects that a new versionof the associated consent document is available, the application mayquery the one or more user response objects to determine whether theuser has already accepted the latest version's terms and conditions.Accordingly, the consent platform 103 may be utilized to ensure thatusers have accepted the latest versions of terms and conditions, privacyand security policies, marketing consents, etc., prior to usingrespective applications, services, etc. Similarly, such an approach maybe utilized to ensure that users have agreed to the appropriate consentdocuments according to the jurisdiction, the language, etc.

In another embodiment, the consent platform 103 may determine contextinformation associated with the one or more responses upon a detectionof the one or more responses, wherein the one or more user responseobjects include, at least in part, the context information. In one usecase, for instance, a user response object may contain a timestamprepresenting the date and time that a response (e.g., some level ofacceptance, decline, etc.) was submitted by a user. It is noted that thetimestamps included with the user response objects may be useful in anumber of circumstances, including a determination of which particularterms, policies, etc., should apply in various situations. By way ofexample, content sharing policies may differ from one version of aconsent document to another version of the consent document. If, forinstance, the laws of a certain jurisdiction prohibits the retroactiveapplication of new/modified terms to previous user activities/actions(e.g., previously uploaded pictures), then user activities/actions thatoccurred prior to the recorded time-stamped acceptance of thenew/modified terms will be governed by the old/unmodified terms (e.g., apicture taken before the acceptance of the new policy will be based onthe old policy). In another scenario, the user response object mayinclude location information with respect to the location of the userwhen the user submitted the response.

In another embodiment, the consent platform 103 may determine one ormore timelines associated with the one or more user response objectsbased, at least in part, on the context information. As discussed, theone or more use response objects may include the context information,such as timestamps representing the dates and times that associatedresponses were submitted by respective users. Thus, in one scenario, theone or more timelines for the one or more user response objects may beaccording to the timestamps. In a further scenario, a user may log intohis/her account to check the user's consent history with respect to allof the applications and services that the user has previously utilized.To facilitate user readability, the user response objects (e.g.,representing the responses that the user has given) may be rendered forthe user based on the timeline determined for the user response objectsof the user.

In another embodiment, the consent platform 103 may process and/orfacilitate a processing of the one or more consent document objects, theone or more user response objects, or a combination thereof to determineconsent behavior of one or more users associated with the one or moreconsent document objects, the one or more user response objects, or acombination thereof. By way of example, the consent platform 103 maydetermine consent behavior of a particular user by querying the one ormore consent document objects and the one or more user response objects(e.g., by querying the document database 109 and the settings database111) and analyzing the various responses to associated consentdocuments.

In another embodiment, the consent platform 103 may determine aninconsistency between at least one of the one or more user responseobjects and the consent behavior. The consent platform 103 may thencause, at least in part, a notification relating to at least one of theone or more responses associated with the at least one user responseobject based, at least in part, the inconsistency. In one use case, auser may be provided with an alert (e.g., via email, messenger, etc.)when it is determined that someone (or something) under the user'saccount has agreed to terms and conditions that are similar to terms andconditions that the user has consistently rejected in the past. If, forinstance, the user did not accept the particular terms and conditions,the user may be provided with an option to decline the terms andconditions (e.g., by logging into his/her user account to cancel theacceptance). In this way, users may be protected from unauthorizedconsent to certain terms and conditions, for instance, that enableunauthorized access to user data (e.g., unauthorized consent caused bymalware programs).

In another embodiment, the consent platform 103 may cause, at least inpart, an association of the one or more consent document objects withone or more rules relating, at least in part, to a delivery, apresentation, an enforcement, or a combination thereof of the one ormore consent document objects. By way of example, these rules maydescribe the supersession relationships between various consent documentobjects, such that a particular consent document object may supersedeother consent document objects. Superseded consent document objects may,however, still be valid and enforceable, for instance, with respect totheir associated policies that are not inconsistent with the associatedpolicies of superseding consent document objects. In other words, therules may dictate whether the terms and conditions, policies, etc., ofcertain consent document objects preempts the terms and conditions,policies, etc., of various other consent document objects.

In another embodiment, at least one of the one or more consentdocuments, at least one of the one or more responses, or a combinationthereof are a supplement for at least another one of the one or moreconsent documents, at least another one of the one or more user responseobjects, or a combination thereof. In one scenario, a particular serviceprovider may require that users agree to a primary consent documentcontaining terms of service/use for applications distributed by theservice provider before downloading and installing such applications. Inaddition, each of the applications may require that users agree to theirown respective secondary consent documents before the respectiveapplications may be downloaded or installed. The secondary consentdocuments may, however, be limited to supplementing the primary consentdocument based on the one or more rules associated with correspondingconsent document objects. For example, the rules may enable thesecondary consent documents to add to or modify certain portions of theprimary consent document, while prohibiting the addition or modificationof terms that are inconsistent with various other portions of theprimary consent document. In this way, the consent platform 103 mayenable dynamic tailoring of the required consent documents byapplication (or application developers) while ensuring that certainterms and conditions of the service provider are not overridden.

In a further embodiment, the consent platform 103 may cause, at least inpart, a linking of the one or more consent document objects, the one ormore user response objects, or a combination thereof to represent acomposite of the respective consent documents, the respective responses,or a combination thereof. By way of example, a consent document objectassociated with the primary consent document may be linked with aconsent document object associated with a secondary consent document torepresent the complete consent document (e.g., the combination of theprimary consent document and the secondary consent document) that a useris required to consent to in order to download and install a particularapplication from the service provider. Thus, the consent platform 103may enforce the terms of the combined consent documents (e.g., based onthe supersession or preemption rules) associated with the consentdocument objects based on the linking

By way of example, the UE 101, the consent platform 103, the serviceplatform 113, the services 115, and the content providers 117communicate with each other and other components of the communicationnetwork 105 using well known, new or still developing protocols. In thiscontext, a protocol includes a set of rules defining how the networknodes within the communication network 105 interact with each otherbased on information sent over the communication links. The protocolsare effective at different layers of operation within each node, fromgenerating and receiving physical signals of various types, to selectinga link for transferring those signals, to the format of informationindicated by those signals, to identifying which software applicationexecuting on a computer system sends or receives the information. Theconceptually different layers of protocols for exchanging informationover a network are described in the Open Systems Interconnection (OSI)Reference Model.

Communications between the network nodes are typically effected byexchanging discrete packets of data. Each packet typically comprises (1)header information associated with a particular protocol, and (2)payload information that follows the header information and containsinformation that may be processed independently of that particularprotocol. In some protocols, the packet includes (3) trailer informationfollowing the payload and indicating the end of the payload information.The header includes information such as the source of the packet, itsdestination, the length of the payload, and other properties used by theprotocol. Often, the data in the payload for the particular protocolincludes a header and payload for a different protocol associated with adifferent, higher layer of the OSI Reference Model. The header for aparticular protocol typically indicates a type for the next protocolcontained in its payload. The higher layer protocol is said to beencapsulated in the lower layer protocol. The headers included in apacket traversing multiple heterogeneous networks, such as the Internet,typically include a physical (layer 1) header, a data-link (layer 2)header, an internetwork (layer 3) header and a transport (layer 4)header, and various application (layer 5, layer 6 and layer 7) headersas defined by the OSI Reference Model.

FIG. 2 is a diagram of the components of a consent platform, accordingto one embodiment. By way of example, the consent platform 103 includesone or more components for consent document management. It iscontemplated that the functions of these components may be combined inone or more components or performed by other components of equivalentfunctionality. In this embodiment, the consent platform 103 includescontrol logic 201, memory 203, a document delivery module 205, asettings module 207, a query module 209, an enforcement module 211, anda communication interface 213.

The control logic 201 executes at least one algorithm for executingfunctions of the consent platform 103. For example, the control logic201 may interact with the document delivery module 205 to create consentdocument objects representing consent documents and/or metadataassociated with the consent documents. The control logic 201 may alsowork with the settings module 207 to process responses to the consentdocuments to create user response objects that record the responses on aper user basis. Additionally, the document delivery module 205 and thesettings module 207 may work together to determine user interfacecapabilities of a application, a device, etc., for presentation of theconsent document objects and the user response objects on theapplication, the device, etc. As such, in some embodiments, the documentdelivery module 205 may be responsible for the management andpresentation of necessary legal documents (e.g., the consent documents),such as terms and conditions, privacy and security policies, marketingconsents, etc. The document delivery module 205 may, for instance,utilize the data infrastructure (e.g., of the document database 109) tostore the consent document objects, the consent documents, metadataassociated with the consent documents, etc., as necessary. In certainembodiments, the settings module 207 may be responsible for themanagement and presentation of individual user's settings related toconsent acceptance (e.g., user response objects), specific sharingsettings and access control, specific application and device settings,etc. The settings module 207 may make such settings globally availablefor the individual users, for instance, by storing the settings in thesettings database 111.

Moreover, the control logic 201 may direct the query module 209 to queryconsent document objects and/or user response objects in the documentdatabase 109, the settings database 111, etc., for consent documentsand/or responses based on predetermined criteria. As mentioned, thepredetermined criteria may include a document identifier, a jurisdictionidentifier, a language identifier, a version identifier, a useridentifier, etc. Query requests may, for instance, be initiated by thedocument delivery module 205, the settings module 207, etc., to performqueries such as the “latest version of the privacy policy for Finland inSwedish.” In various embodiments, query requests may further be utilizedas a mechanism to update the consent document objects and the userresponse objects as well as the consent documents, the metadataassociated with the consent documents, and individual user settings.

Furthermore, the control logic 201 may interact with the enforcementmodule 211 to apply the various settings to various data flows. Forexample, the enforcement module 211 may implement a filtering functionbased on the various settings when collecting information with respectto the consent document objects and the user response objects. In someembodiments, the enforcement module 211 may also enforce the rulesrelating to a delivery, a presentation, and/or an enforcement of theconsent document objects. The control logic 201 may additionally utilizethe communication interface 213 to communicate with other components ofthe consent platform 103, the UEs 101, the service platform 113, theservices 115, the content providers 117, and other components of thesystem 100. For example, the communication interface 213 may transmitquery requests from the document delivery module 205 or the settingsmodule 207 to the query module 209. The communication interface 213 mayfurther include multiple means of communication. In one use case, thecommunication interface 213 may be able to communicate over shortmessage service (SMS), multimedia messaging service (MMS), internetprotocol, email, instant messaging, voice sessions (e.g., via a phonenetwork), or other types of communication.

FIG. 3 is a flowchart of a process for consent document management,according to one embodiment. In one embodiment, the consent platform 103performs the process 300 and is implemented in, for instance, a chip setincluding a processor and a memory as shown in FIG. 10. As such, thecontrol logic 201 can provide means for accomplishing various parts ofthe process 300 as well as means for accomplishing other processes inconjunction with other components of the consent platform 103.

In step 301, the control logic 201 may cause, at least in part, acreation of one or more consent document objects representing one ormore consent documents, metadata associated with the one or more consentdocuments, or a combination thereof. In one scenario, these consentdocument objects may be stored in a central database (e.g., the documentdatabase 109) that is accessible by a number of applications anddevices. As such, these applications and devices may check the centraldatabase for the most relevant adaptation of the consent document (e.g.,the latest version of a consent document for a particular application ordevice, the appropriate consent document for the jurisdiction and theuser's predetermined language, etc.).

In step 303, the control logic 201 may process and/or facilitate aprocessing of one or more responses to the one or more consent documentsto cause, at least in part, a creation of one or more user responseobjects, wherein the one or more user response objects record the one ormore responses on a per user basis. As an example, these user responseobjects may be stored in the settings database 111 for access by variousapplications and devices, for instance, to check for previouslyacceptance of particular consent documents by users when reinstallingapplications on a device, reinitiating service on the device, installingthe applications or services on another device, etc. In this way, userscan avoid having to go through the consent process multiple times withrespect to the same consent document.

FIG. 4 is a flowchart of a process for presenting consent documentobjects and user response objects on various applications and devices,according to one embodiment. In one embodiment, the consent platform 103performs the process 400 and is implemented in, for instance, a chip setincluding a processor and a memory as shown in FIG. 10. As such, thecontrol logic 201 can provide means for accomplishing various parts ofthe process 400 as well as means for accomplishing other processes inconjunction with other components of the consent platform 103.

In step 401, the control logic 201 may determine to query the one ormore consent document objects, the one or more user response objects, ora combination thereof for the one or more consent documents, the one ormore responses, or a combination thereof based, at least in part, on oneor more predetermined criteria. As mentioned, the one or morepredetermine criteria may include, at least in part, a documentidentifier, a jurisdiction identifier, a language identifier, a versionidentifier, a user identifier, or a combination thereof. These criteriamay, for instance, be utilized to determine consent document objects oruser response objects to render the content of consent documents or userresponses to consent documents on an application, a service, a device,etc. (e.g., presenting the content of a consent document to a user forreview prior to accepting the consent document, providing the user witha list of consent documents that the user has accepted, etc.).

As such, when the consent document objects and/or user response objectsare determined, the control logic 201 may, at step 403, determine one oruser interface capabilities of one or more applications, one or moredevices, or a combination thereof. Subsequently, in step 405, thecontrol logic 201 may cause, at least in part, a presentation of the oneor more consent document objects, the one or more user response objects,or a combination thereof based, at least in part, on the one or moreuser interface capabilities. As discussed, the determined user interfacecapabilities may be utilized to process the content document objects orthe user response objects to produce content specifically formatted forthe particular application or device rendering the content (e.g., theprocessed/converted objects).

FIG. 5 is a flowchart of a process for providing notifications inresponse to inconsistent consent behavior, according to one embodiment.In one embodiment, the consent platform 103 performs the process 500 andis implemented in, for instance, a chip set including a processor and amemory as shown in FIG. 10. As such, the control logic 201 can providemeans for accomplishing various parts of the process 500 as well asmeans for accomplishing other processes in conjunction with othercomponents of the consent platform 103.

In step 501, the control logic 201 may process and/or facilitate aprocessing of the one or more consent document objects, the one or moreuser response objects, or a combination thereof to determine consentbehavior of one or more users associated with the one or more consentdocument objects, the one or more user response objects, or acombination thereof. As mentioned, the consent behavior of a particularuser may be determined by querying the one or more consent documentobjects and the one or more user response objects (e.g., by querying thedocument database 109 and the settings database 111) and analyzing thevarious responses to associated consent documents.

In step 503, the control logic 201 may determine whether aninconsistency between at least one of the one or more user responseobjects and the consent behavior. If, for instance, an inconsistencybetween the at least one use response object and the consent behavior isdetermined, the control logic may, as in step 505, cause, at least inpart, a notification relating to at least one of the one or moreresponses associated with the at least one user response object based,at least in part, the inconsistency. In one scenario, for instance, amalware program may cause a notion of acceptance to a particular consentdocument under the guise of a particular user. Nonetheless, if thenotion of acceptance is determined to be inconsistent with the user'sconsent behavior, then an alert may be provided as an email, a SMSmessage, etc., to inform the user that such notion of acceptance hasoccurred. As additional protection, the user may then be provided withan option to cancel the acceptance caused by the malware program.

FIG. 6 is a diagram of consent document objects, according to oneembodiment. As shown, the consent document objects 601 and 603 providemeans to represent attributes, such as Version, Title, Country,Language, Content, Options, and Status. Version may, for instance, referto a version numbering for the consent document associated with theconsent document object. Title may refer to a short human-readable titlefor the consent document. Country may refer to the jurisdiction that theconsent document is direct to, and Language may refer to the languagethat the consent document is written in. Values for the Country andLanguage attributes may, for instance, be represented by InternationalOrganization for Standardization (ISO) codes (e.g., “FI,” “EN,” etc.).Content may refer to a reference to the text of the consent document.Options may refer to a list of selection criteria that a user can makewith respect to the consent document (e.g., “accept, decline”, “all,city, country, none”, etc.). Status may refer to the current internalstatus of the consent document object (e.g., “valid, depreciated”).

Identification of consent document objects may, for instance, beperformed based on a document identifier, a jurisdiction identifier, alanguage identifier, a version identifier, etc. In some embodiments, thedocument identifier may not be a unique identifier since a singleconsent document may be used across multiple versions (e.g., a primaryconsent document may be supplemented by later secondary consentdocuments representing later versions), countries, and languages. Thus,in such cases, the unique identification of each consent document objectmay be based on a plurality of the above multiple attributes.

FIG. 7 provides high-level class diagrams for various base components,according to one embodiment. As shown, and as previously indicated, aconsent document object (e.g., represented by class diagram 701) mayinclude a number of attributes, such as Version, Title, Country,Language, Content, Options, and Status. Moreover, a consent documentobject may further be defined as any number of consent document objecttypes, such as terms and conditions, privacy policies, and marketingconsent (e.g., represented by class diagrams 703, 705, and 707). Asdiscussed, the consent document objects may also be associated with oneor more rules (e.g., represented by class diagram 709) related to adelivery, a presentation, or an enforcement of the consent documentobjects.

The settings data model (e.g., represented by class diagram 711) mayinclude several categories of settings and policies, such as acceptance(or user response objects), policies, and settings (e.g., represented byclass diagrams 713, 715, and 717). With regard to the settings datamodel, settings and policies are made on a per user basis (e.g., byassociation of class diagrams 711 and 719). That is, for any given user,a number of individual settings and policies can be made, but eachuser's settings are separate and non-mixable with any other user'ssettings and policies. As such, the recording of responses (e.g., thenotion of acceptance) is also made on a per user basis. As indicated,the possible answers for an acceptance may be derived from a givenconsent document's values for the options attribute. Additionally, oralternatively, a timestamp may be recorded with each of the settings. Asan example, a user response object may record the date and time that auser accepts a particular consent document, for instance, based on whenthe response was detected. Furthermore, an enforcement function, object,or component (e.g., represented by class diagram 721) may apply thesettings of individual users against the actions of the associatedapplications, devices, etc. For example, a filtering function may beimplemented based on the various settings when collecting informationwith respect to the consent document objects and the user responseobjects.

FIGS. 8A-8C are diagrams of user interfaces utilized in the processes ofFIGS. 3-5, according to various embodiments. FIG. 8A features the UE101, which provides the user interface 800 with a frame window 801 andoptions 803. As illustrated, the Application XYZ has requested a consentdocument from the document database 109, for instance, by submitting arequest to query the consent document objects of the document database109 based on an associated document identifier and the latest versionidentifier as well as the identifiers for the appropriate jurisdictionand language. In addition, the user interface capabilities of theApplication XYZ and the UE 101 may be determined, andapplication/device-specific content representing the consent documentobject may be produced based on the determined user interfacecapabilities for presentation on the application and the device. By wayof example, the content of the consent document associated with theconsent document object may be formatted based on the percentage of thewidth and height of the window frame 801 with respect to the resolutionof the display of the UE 101. As a result, the content may be presentedon the user interface 800 without having to horizontal or verticallyscroll the window frame 801 to view the entirety of the “Terms of Use”for Application XYZ.

FIG. 8B features the UE 101, which provides the user interface 830 witha window frame window 831. In this case, the consent history of User Xis presented on the user interface 830 of the UE 101. As with thepresentation of the consent document object, the user response objectsmay be presented based on a determination of the user interfacecapabilities of the UE 101 to enable full viewing of the consent historywithout having to horizontally or vertically scroll the window frame831. As shown, the detailed list in window frame 831 is sorted byapplication names and the version of the respective consent documents asrepresented in the consent document objects.

FIG. 8C features the UE 101, which provides the user interface 850 witha notification 851 and options 853. As mentioned, consent behavior ofindividual users may be determined by processing the consent documentobjects and the user response objects associated with the individualusers. If, for instance, an inconsistency between a user response objectand the consent behavior is determined, the user associated with theconsent behavior may be alerted of the inconsistent behavior. In FIG.8C, the user is being informed that he/she has recently accepted Version2 of Privacy Policies issued by the company DEF for using Service ABC,but that the notion of acceptance is inconsistent with the user'sconsent behavior (e.g., the user has always declined to accept thePrivacy Policies of the company DEF). As such, the user is given theopportunity to indicate that he/she did not accept Version 2 of PrivacyPolicies for using Service ABC to enable the consent platform 103 totake appropriate remedial measures.

The processes described herein for consent document management may beadvantageously implemented via software, hardware, firmware or acombination of software and/or firmware and/or hardware. For example,the processes described herein, may be advantageously implemented viaprocessor(s), Digital Signal Processing (DSP) chip, an ApplicationSpecific Integrated Circuit (ASIC), Field Programmable Gate Arrays(FPGAs), etc. Such exemplary hardware for performing the describedfunctions is detailed below.

FIG. 9 illustrates a computer system 900 upon which an embodiment of theinvention may be implemented. Although computer system 900 is depictedwith respect to a particular device or equipment, it is contemplatedthat other devices or equipment (e.g., network elements, servers, etc.)within FIG. 9 can deploy the illustrated hardware and components ofsystem 900. Computer system 900 is programmed (e.g., via computerprogram code or instructions) to manage consent documents as describedherein and includes a communication mechanism such as a bus 910 forpassing information between other internal and external components ofthe computer system 900. Information (also called data) is representedas a physical expression of a measurable phenomenon, typically electricvoltages, but including, in other embodiments, such phenomena asmagnetic, electromagnetic, pressure, chemical, biological, molecular,atomic, sub-atomic and quantum interactions. For example, north andsouth magnetic fields, or a zero and non-zero electric voltage,represent two states (0, 1) of a binary digit (bit). Other phenomena canrepresent digits of a higher base. A superposition of multiplesimultaneous quantum states before measurement represents a quantum bit(qubit). A sequence of one or more digits constitutes digital data thatis used to represent a number or code for a character. In someembodiments, information called analog data is represented by a nearcontinuum of measurable values within a particular range. Computersystem 900, or a portion thereof, constitutes a means for performing oneor more steps of consent document management.

A bus 910 includes one or more parallel conductors of information sothat information is transferred quickly among devices coupled to the bus910. One or more processors 902 for processing information are coupledwith the bus 910.

A processor (or multiple processors) 902 performs a set of operations oninformation as specified by computer program code related to consentdocument management. The computer program code is a set of instructionsor statements providing instructions for the operation of the processorand/or the computer system to perform specified functions. The code, forexample, may be written in a computer programming language that iscompiled into a native instruction set of the processor. The code mayalso be written directly using the native instruction set (e.g., machinelanguage). The set of operations include bringing information in fromthe bus 910 and placing information on the bus 910. The set ofoperations also typically include comparing two or more units ofinformation, shifting positions of units of information, and combiningtwo or more units of information, such as by addition or multiplicationor logical operations like OR, exclusive OR (XOR), and AND. Eachoperation of the set of operations that can be performed by theprocessor is represented to the processor by information calledinstructions, such as an operation code of one or more digits. Asequence of operations to be executed by the processor 902, such as asequence of operation codes, constitute processor instructions, alsocalled computer system instructions or, simply, computer instructions.Processors may be implemented as mechanical, electrical, magnetic,optical, chemical or quantum components, among others, alone or incombination.

Computer system 900 also includes a memory 904 coupled to bus 910. Thememory 904, such as a random access memory (RAM) or any other dynamicstorage device, stores information including processor instructions forconsent document management. Dynamic memory allows information storedtherein to be changed by the computer system 900. RAM allows a unit ofinformation stored at a location called a memory address to be storedand retrieved independently of information at neighboring addresses. Thememory 904 is also used by the processor 902 to store temporary valuesduring execution of processor instructions. The computer system 900 alsoincludes a read only memory (ROM) 906 or any other static storage devicecoupled to the bus 910 for storing static information, includinginstructions, that is not changed by the computer system 900. Somememory is composed of volatile storage that loses the information storedthereon when power is lost. Also coupled to bus 910 is a non-volatile(persistent) storage device 908, such as a magnetic disk, optical diskor flash card, for storing information, including instructions, thatpersists even when the computer system 900 is turned off or otherwiseloses power.

Information, including instructions for consent document management, isprovided to the bus 910 for use by the processor from an external inputdevice 912, such as a keyboard containing alphanumeric keys operated bya human user, a microphone, an Infrared (IR) remote control, a joystick,a game pad, a stylus pen, a touch screen, or a sensor. A sensor detectsconditions in its vicinity and transforms those detections into physicalexpression compatible with the measurable phenomenon used to representinformation in computer system 900. Other external devices coupled tobus 910, used primarily for interacting with humans, include a displaydevice 914, such as a cathode ray tube (CRT), a liquid crystal display(LCD), a light emitting diode (LED) display, an organic LED (OLED)display, a plasma screen, or a printer for presenting text or images,and a pointing device 916, such as a mouse, a trackball, cursordirection keys, or a motion sensor, for controlling a position of asmall cursor image presented on the display 914 and issuing commandsassociated with graphical elements presented on the display 914. In someembodiments, for example, in embodiments in which the computer system900 performs all functions automatically without human input, one ormore of external input device 912, display device 914 and pointingdevice 916 is omitted.

In the illustrated embodiment, special purpose hardware, such as anapplication specific integrated circuit (ASIC) 920, is coupled to bus910. The special purpose hardware is configured to perform operationsnot performed by processor 902 quickly enough for special purposes.Examples of ASICs include graphics accelerator cards for generatingimages for display 914, cryptographic boards for encrypting anddecrypting messages sent over a network, speech recognition, andinterfaces to special external devices, such as robotic arms and medicalscanning equipment that repeatedly perform some complex sequence ofoperations that are more efficiently implemented in hardware.

Computer system 900 also includes one or more instances of acommunications interface 970 coupled to bus 910. Communication interface970 provides a one-way or two-way communication coupling to a variety ofexternal devices that operate with their own processors, such asprinters, scanners and external disks. In general the coupling is with anetwork link 978 that is connected to a local network 980 to which avariety of external devices with their own processors are connected. Forexample, communication interface 970 may be a parallel port or a serialport or a universal serial bus (USB) port on a personal computer. Insome embodiments, communications interface 970 is an integrated servicesdigital network (ISDN) card or a digital subscriber line (DSL) card or atelephone modem that provides an information communication connection toa corresponding type of telephone line. In some embodiments, acommunication interface 970 is a cable modem that converts signals onbus 910 into signals for a communication connection over a coaxial cableor into optical signals for a communication connection over a fiberoptic cable. As another example, communications interface 970 may be alocal area network (LAN) card to provide a data communication connectionto a compatible LAN, such as Ethernet. Wireless links may also beimplemented. For wireless links, the communications interface 970 sendsor receives or both sends and receives electrical, acoustic orelectromagnetic signals, including infrared and optical signals, thatcarry information streams, such as digital data. For example, inwireless handheld devices, such as mobile telephones like cell phones,the communications interface 970 includes a radio band electromagnetictransmitter and receiver called a radio transceiver. In certainembodiments, the communications interface 970 enables connection to thecommunication network 105 for providing consent document management tothe UE 101.

The term “computer-readable medium” as used herein refers to any mediumthat participates in providing information to processor 902, includinginstructions for execution. Such a medium may take many forms,including, but not limited to computer-readable storage medium (e.g.,non-volatile media, volatile media), and transmission media.Non-transitory media, such as non-volatile media, include, for example,optical or magnetic disks, such as storage device 908. Volatile mediainclude, for example, dynamic memory 904. Transmission media include,for example, twisted pair cables, coaxial cables, copper wire, fiberoptic cables, and carrier waves that travel through space without wiresor cables, such as acoustic waves and electromagnetic waves, includingradio, optical and infrared waves. Signals include man-made transientvariations in amplitude, frequency, phase, polarization or otherphysical properties transmitted through the transmission media. Commonforms of computer-readable media include, for example, a floppy disk, aflexible disk, hard disk, magnetic tape, any other magnetic medium, aCD-ROM, CDRW, DVD, any other optical medium, punch cards, paper tape,optical mark sheets, any other physical medium with patterns of holes orother optically recognizable indicia, a RAM, a PROM, an EPROM, aFLASH-EPROM, an EEPROM, a flash memory, any other memory chip orcartridge, a carrier wave, or any other medium from which a computer canread. The term computer-readable storage medium is used herein to referto any computer-readable medium except transmission media.

Logic encoded in one or more tangible media includes one or both ofprocessor instructions on a computer-readable storage media and specialpurpose hardware, such as ASIC 920.

Network link 978 typically provides information communication usingtransmission media through one or more networks to other devices thatuse or process the information. For example, network link 978 mayprovide a connection through local network 980 to a host computer 982 orto equipment 984 operated by an Internet Service Provider (ISP). ISPequipment 984 in turn provides data communication services through thepublic, world-wide packet-switching communication network of networksnow commonly referred to as the Internet 990.

A computer called a server host 992 connected to the Internet hosts aprocess that provides a service in response to information received overthe Internet. For example, server host 992 hosts a process that providesinformation representing video data for presentation at display 914. Itis contemplated that the components of system 900 can be deployed invarious configurations within other computer systems, e.g., host 982 andserver 992.

At least some embodiments of the invention are related to the use ofcomputer system 900 for implementing some or all of the techniquesdescribed herein. According to one embodiment of the invention, thosetechniques are performed by computer system 900 in response to processor902 executing one or more sequences of one or more processorinstructions contained in memory 904. Such instructions, also calledcomputer instructions, software and program code, may be read intomemory 904 from another computer-readable medium such as storage device908 or network link 978. Execution of the sequences of instructionscontained in memory 904 causes processor 902 to perform one or more ofthe method steps described herein. In alternative embodiments, hardware,such as ASIC 920, may be used in place of or in combination withsoftware to implement the invention. Thus, embodiments of the inventionare not limited to any specific combination of hardware and software,unless otherwise explicitly stated herein.

The signals transmitted over network link 978 and other networks throughcommunications interface 970, carry information to and from computersystem 900. Computer system 900 can send and receive information,including program code, through the networks 980, 990 among others,through network link 978 and communications interface 970. In an exampleusing the Internet 990, a server host 992 transmits program code for aparticular application, requested by a message sent from computer 900,through Internet 990, ISP equipment 984, local network 980 andcommunications interface 970. The received code may be executed byprocessor 902 as it is received, or may be stored in memory 904 or instorage device 908 or any other non-volatile storage for laterexecution, or both. In this manner, computer system 900 may obtainapplication program code in the form of signals on a carrier wave.

Various forms of computer readable media may be involved in carrying oneor more sequence of instructions or data or both to processor 902 forexecution. For example, instructions and data may initially be carriedon a magnetic disk of a remote computer such as host 982. The remotecomputer loads the instructions and data into its dynamic memory andsends the instructions and data over a telephone line using a modem. Amodem local to the computer system 900 receives the instructions anddata on a telephone line and uses an infra-red transmitter to convertthe instructions and data to a signal on an infra-red carrier waveserving as the network link 978. An infrared detector serving ascommunications interface 970 receives the instructions and data carriedin the infrared signal and places information representing theinstructions and data onto bus 910. Bus 910 carries the information tomemory 904 from which processor 902 retrieves and executes theinstructions using some of the data sent with the instructions. Theinstructions and data received in memory 904 may optionally be stored onstorage device 908, either before or after execution by the processor902.

FIG. 10 illustrates a chip set or chip 1000 upon which an embodiment ofthe invention may be implemented. Chip set 1000 is programmed to manageconsent documents as described herein and includes, for instance, theprocessor and memory components described with respect to FIG. 9incorporated in one or more physical packages (e.g., chips). By way ofexample, a physical package includes an arrangement of one or morematerials, components, and/or wires on a structural assembly (e.g., abaseboard) to provide one or more characteristics such as physicalstrength, conservation of size, and/or limitation of electricalinteraction. It is contemplated that in certain embodiments the chip set1000 can be implemented in a single chip. It is further contemplatedthat in certain embodiments the chip set or chip 1000 can be implementedas a single “system on a chip.” It is further contemplated that incertain embodiments a separate ASIC would not be used, for example, andthat all relevant functions as disclosed herein would be performed by aprocessor or processors. Chip set or chip 1000, or a portion thereof,constitutes a means for performing one or more steps of providing userinterface navigation information associated with the availability offunctions. Chip set or chip 1000, or a portion thereof, constitutes ameans for performing one or more steps of consent document management.

In one embodiment, the chip set or chip 1000 includes a communicationmechanism such as a bus 1001 for passing information among thecomponents of the chip set 1000. A processor 1003 has connectivity tothe bus 1001 to execute instructions and process information stored in,for example, a memory 1005. The processor 1003 may include one or moreprocessing cores with each core configured to perform independently. Amulti-core processor enables multiprocessing within a single physicalpackage. Examples of a multi-core processor include two, four, eight, orgreater numbers of processing cores. Alternatively or in addition, theprocessor 1003 may include one or more microprocessors configured intandem via the bus 1001 to enable independent execution of instructions,pipelining, and multithreading. The processor 1003 may also beaccompanied with one or more specialized components to perform certainprocessing functions and tasks such as one or more digital signalprocessors (DSP) 1007, or one or more application-specific integratedcircuits (ASIC) 1009. A DSP 1007 typically is configured to processreal-world signals (e.g., sound) in real time independently of theprocessor 1003. Similarly, an ASIC 1009 can be configured to performedspecialized functions not easily performed by a more general purposeprocessor. Other specialized components to aid in performing theinventive functions described herein may include one or more fieldprogrammable gate arrays (FPGA), one or more controllers, or one or moreother special-purpose computer chips.

In one embodiment, the chip set or chip 1000 includes merely one or moreprocessors and some software and/or firmware supporting and/or relatingto and/or for the one or more processors.

The processor 1003 and accompanying components have connectivity to thememory 1005 via the bus 1001. The memory 1005 includes both dynamicmemory (e.g., RAM, magnetic disk, writable optical disk, etc.) andstatic memory (e.g., ROM, CD-ROM, etc.) for storing executableinstructions that when executed perform the inventive steps describedherein to manage consent documents. The memory 1005 also stores the dataassociated with or generated by the execution of the inventive steps.

FIG. 11 is a diagram of exemplary components of a mobile terminal (e.g.,handset) for communications, which is capable of operating in the systemof FIG. 1, according to one embodiment. In some embodiments, mobileterminal 1101, or a portion thereof, constitutes a means for performingone or more steps of consent document management. Generally, a radioreceiver is often defined in terms of front-end and back-endcharacteristics. The front-end of the receiver encompasses all of theRadio Frequency (RF) circuitry whereas the back-end encompasses all ofthe base-band processing circuitry. As used in this application, theterm “circuitry” refers to both: (1) hardware-only implementations (suchas implementations in only analog and/or digital circuitry), and (2) tocombinations of circuitry and software (and/or firmware) (such as, ifapplicable to the particular context, to a combination of processor(s),including digital signal processor(s), software, and memory(ies) thatwork together to cause an apparatus, such as a mobile phone or server,to perform various functions). This definition of “circuitry” applies toall uses of this term in this application, including in any claims. As afurther example, as used in this application and if applicable to theparticular context, the term “circuitry” would also cover animplementation of merely a processor (or multiple processors) and its(or their) accompanying software/or firmware. The term “circuitry” wouldalso cover if applicable to the particular context, for example, abaseband integrated circuit or applications processor integrated circuitin a mobile phone or a similar integrated circuit in a cellular networkdevice or other network devices.

Pertinent internal components of the telephone include a Main ControlUnit (MCU) 1103, a Digital Signal Processor (DSP) 1105, and areceiver/transmitter unit including a microphone gain control unit and aspeaker gain control unit. A main display unit 1107 provides a displayto the user in support of various applications and mobile terminalfunctions that perform or support the steps of consent documentmanagement. The display 1107 includes display circuitry configured todisplay at least a portion of a user interface of the mobile terminal(e.g., mobile telephone). Additionally, the display 1107 and displaycircuitry are configured to facilitate user control of at least somefunctions of the mobile terminal. An audio function circuitry 1109includes a microphone 1111 and microphone amplifier that amplifies thespeech signal output from the microphone 1111. The amplified speechsignal output from the microphone 1111 is fed to a coder/decoder (CODEC)1113.

A radio section 1115 amplifies power and converts frequency in order tocommunicate with a base station, which is included in a mobilecommunication system, via antenna 1117. The power amplifier (PA) 1119and the transmitter/modulation circuitry are operationally responsive tothe MCU 1103, with an output from the PA 1119 coupled to the duplexer1121 or circulator or antenna switch, as known in the art. The PA 1119also couples to a battery interface and power control unit 1120.

In use, a user of mobile terminal 1101 speaks into the microphone 1111and his or her voice along with any detected background noise isconverted into an analog voltage. The analog voltage is then convertedinto a digital signal through the Analog to Digital Converter (ADC)1123. The control unit 1103 routes the digital signal into the DSP 1105for processing therein, such as speech encoding, channel encoding,encrypting, and interleaving. In one embodiment, the processed voicesignals are encoded, by units not separately shown, using a cellulartransmission protocol such as enhanced data rates for global evolution(EDGE), general packet radio service (GPRS), global system for mobilecommunications (GSM), Internet protocol multimedia subsystem (IMS),universal mobile telecommunications system (UMTS), etc., as well as anyother suitable wireless medium, e.g., microwave access (WiMAX), LongTerm Evolution (LTE) networks, code division multiple access (CDMA),wideband code division multiple access (WCDMA), wireless fidelity(WiFi), satellite, and the like, or any combination thereof

The encoded signals are then routed to an equalizer 1125 forcompensation of any frequency-dependent impairments that occur duringtransmission though the air such as phase and amplitude distortion.After equalizing the bit stream, the modulator 1127 combines the signalwith a RF signal generated in the RF interface 1129. The modulator 1127generates a sine wave by way of frequency or phase modulation. In orderto prepare the signal for transmission, an up-converter 1131 combinesthe sine wave output from the modulator 1127 with another sine wavegenerated by a synthesizer 1133 to achieve the desired frequency oftransmission. The signal is then sent through a PA 1119 to increase thesignal to an appropriate power level. In practical systems, the PA 1119acts as a variable gain amplifier whose gain is controlled by the DSP1105 from information received from a network base station. The signalis then filtered within the duplexer 1121 and optionally sent to anantenna coupler 1135 to match impedances to provide maximum powertransfer. Finally, the signal is transmitted via antenna 1117 to a localbase station. An automatic gain control (AGC) can be supplied to controlthe gain of the final stages of the receiver. The signals may beforwarded from there to a remote telephone which may be another cellulartelephone, any other mobile phone or a land-line connected to a PublicSwitched Telephone Network (PSTN), or other telephony networks.

Voice signals transmitted to the mobile terminal 1101 are received viaantenna 1117 and immediately amplified by a low noise amplifier (LNA)1137. A down-converter 1139 lowers the carrier frequency while thedemodulator 1141 strips away the RF leaving only a digital bit stream.The signal then goes through the equalizer 1125 and is processed by theDSP 1105. A Digital to Analog Converter (DAC) 1143 converts the signaland the resulting output is transmitted to the user through the speaker1145, all under control of a Main Control Unit (MCU) 1103 which can beimplemented as a Central Processing Unit (CPU).

The MCU 1103 receives various signals including input signals from thekeyboard 1147. The keyboard 1147 and/or the MCU 1103 in combination withother user input components (e.g., the microphone 1111) comprise a userinterface circuitry for managing user input. The MCU 1103 runs a userinterface software to facilitate user control of at least some functionsof the mobile terminal 1101 to manage consent documents. The MCU 1103also delivers a display command and a switch command to the display 1107and to the speech output switching controller, respectively. Further,the MCU 1103 exchanges information with the DSP 1105 and can access anoptionally incorporated SIM card 1149 and a memory 1151. In addition,the MCU 1103 executes various control functions required of theterminal. The DSP 1105 may, depending upon the implementation, performany of a variety of conventional digital processing functions on thevoice signals. Additionally, DSP 1105 determines the background noiselevel of the local environment from the signals detected by microphone1111 and sets the gain of microphone 1111 to a level selected tocompensate for the natural tendency of the user of the mobile terminal1101.

The CODEC 1113 includes the ADC 1123 and DAC 1143. The memory 1151stores various data including call incoming tone data and is capable ofstoring other data including music data received via, e.g., the globalInternet. The software module could reside in RAM memory, flash memory,registers, or any other form of writable storage medium known in theart. The memory device 1151 may be, but not limited to, a single memory,CD, DVD, ROM, RAM, EEPROM, optical storage, magnetic disk storage, flashmemory storage, or any other non-volatile storage medium capable ofstoring digital data.

An optionally incorporated SIM card 1149 carries, for instance,important information, such as the cellular phone number, the carriersupplying service, subscription details, and security information. TheSIM card 1149 serves primarily to identify the mobile terminal 1101 on aradio network. The card 1149 also contains a memory for storing apersonal telephone number registry, text messages, and user specificmobile terminal settings.

While the invention has been described in connection with a number ofembodiments and implementations, the invention is not so limited butcovers various obvious modifications and equivalent arrangements, whichfall within the purview of the appended claims. Although features of theinvention are expressed in certain combinations among the claims, it iscontemplated that these features can be arranged in any combination andorder.

What is claimed is:
 1. A method comprising facilitating a processing ofand/or processing (1) data and/or (2) information and/or (3) at leastone signal, the (1) data and/or (2) information and/or (3) at least onesignal based, at least in part, on the following: a creation of one ormore consent document objects representing one or more consentdocuments, metadata associated with the one or more consent documents,or a combination thereof; and a processing of one or more responses tothe one or more consent documents to cause, at least in part, a creationof one or more user response objects, wherein the one or more userresponse objects record the one or more responses on a per user basis.2. A method of claim 1, wherein the (1) data and/or (2) informationand/or (3) at least one signal are further based, at least in part, onthe following: at least one determination of one or user interfacecapabilities of one or more applications, one or more devices, or acombination thereof; and a presentation of the one or more consentdocument objects, the one or more user response objects, or acombination thereof based, at least in part, on the one or more userinterface capabilities.
 3. A method of claim 1, wherein the (1) dataand/or (2) information and/or (3) at least one signal are further based,at least in part, on the following: at least one determination to querythe one or more consent document objects, the one or more user responseobjects, or a combination thereof for the one or more consent documents,the one or more responses, or a combination thereof based, at least inpart, on one or more predetermined criteria.
 4. A method of claim 3,wherein the one or more predetermined criteria include, at least inpart, a document identifier, a jurisdiction identifier, a languageidentifier, a version identifier, a user identifier, or a combinationthereof.
 5. A method of claim 1, wherein the (1) data and/or (2)information and/or (3) at least one signal are further based, at leastin part, on the following: at least one determination of contextinformation associated with the one or more responses upon a detectionof the one or more responses, wherein the one or more user responseobjects include, at least in part, the context information.
 6. A methodof claim 5, wherein the (1) data and/or (2) information and/or (3) atleast one signal are further based, at least in part, on the following:at least one determination of one or more timelines associated with theone or more user response objects based, at least in part, on thecontext information.
 7. A method of claim 1, wherein the (1) data and/or(2) information and/or (3) at least one signal are further based, atleast in part, on the following: a processing of the one or more consentdocument objects, the one or more user response objects, or acombination thereof to determine consent behavior of one or more usersassociated with the one or more consent document objects, the one ormore user response objects, or a combination thereof.
 8. A method ofclaim 7, wherein the (1) data and/or (2) information and/or (3) at leastone signal are further based, at least in part, on the following: atleast one determination of an inconsistency between at least one of theone or more user response objects and the consent behavior; and anotification relating to at least one of the one or more responsesassociated with the at least one user response object based, at least inpart, the inconsistency.
 9. A method of claim 1, wherein the (1) dataand/or (2) information and/or (3) at least one signal are further based,at least in part, on the following: an association of the one or moreconsent document objects with one or more rules relating, at least inpart, to a delivery, a presentation, an enforcement, or a combinationthereof of the one or more consent document objects.
 10. A method ofclaim 1, wherein at least one of the one or more consent documents, atleast one of the one or more responses, or a combination thereof are asupplement for at least another one of the one or more consentdocuments, at least another one of the one or more user responseobjects, or a combination thereof, and wherein the (1) data and/or (2)information and/or (3) at least one signal are further based, at leastin part, on the following: a linking of the one or more consent documentobjects, the one or more user response objects, or a combination thereofto represent a composite of the respective consent documents, therespective responses, or a combination thereof
 11. An apparatuscomprising: at least one processor; and at least one memory includingcomputer program code for one or more programs, the at least one memoryand the computer program code configured to, with the at least oneprocessor, cause the apparatus to perform at least the following, cause,at least in part, a creation of one or more consent document objectsrepresenting one or more consent documents, metadata associated with theone or more consent documents, or a combination thereof; and processand/or facilitate a processing of one or more responses to the one ormore consent documents to cause, at least in part, a creation of one ormore user response objects, wherein the one or more user responseobjects record the one or more responses on a per user basis.
 12. Anapparatus of claim 11, wherein the apparatus is further caused to:determine one or user interface capabilities of one or moreapplications, one or more devices, or a combination thereof and cause,at least in part, a presentation of the one or more consent documentobjects, the one or more user response objects, or a combination thereofbased, at least in part, on the one or more user interface capabilities.13. An apparatus of claim 11, wherein the apparatus is further causedto: determine to query the one or more consent document objects, the oneor more user response objects, or a combination thereof for the one ormore consent documents, the one or more responses, or a combinationthereof based, at least in part, on one or more predetermined criteria.14. An apparatus of claim 13, wherein the one or more predeterminedcriteria include, at least in part, a document identifier, ajurisdiction identifier, a language identifier, a version identifier, auser identifier, or a combination thereof
 15. An apparatus of claim 11,wherein the apparatus is further caused to: determine contextinformation associated with the one or more responses upon a detectionof the one or more responses, wherein the one or more user responseobjects include, at least in part, the context information.
 16. Anapparatus of claim 15, wherein the apparatus is further caused to:determine one or more timelines associated with the one or more userresponse objects based, at least in part, on the context information.17. An apparatus of claim 11, wherein the apparatus is further causedto: process and/or facilitate a processing of the one or more consentdocument objects, the one or more user response objects, or acombination thereof to determine consent behavior of one or more usersassociated with the one or more consent document objects, the one ormore user response objects, or a combination thereof
 18. An apparatus ofclaim 17, wherein the apparatus is further caused to: determine aninconsistency between at least one of the one or more user responseobjects and the consent behavior; and cause, at least in part, anotification relating to at least one of the one or more responsesassociated with the at least one user response object based, at least inpart, the inconsistency.
 19. An apparatus of claim 11, wherein theapparatus is further caused to: cause, at least in part, an associationof the one or more consent document objects with one or more rulesrelating, at least in part, to a delivery, a presentation, anenforcement, or a combination thereof of the one or more consentdocument objects.
 20. An apparatus of claim 11, wherein at least one ofthe one or more consent documents, at least one of the one or moreresponses, or a combination thereof are a supplement for at leastanother one of the one or more consent documents, at least another oneof the one or more user response objects, or a combination thereof, andwherein the apparatus is further caused to: cause, at least in part, alinking of the one or more consent document objects, the one or moreuser response objects, or a combination thereof to represent a compositeof the respective consent documents, the respective responses, or acombination thereof.